Project

General

Profile

Bug #15597

Update relayd dependencies to fix RUSTSEC-2019-0013

Added by Alexis MOUSSET 2 months ago. Updated 7 days ago.

Status:
Released
Priority:
N/A
Category:
Relay server or API
Target version:
Severity:
User visibility:
Effort required:
Priority:
0

Description

cd relayd && cargo audit
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 34 security advisories (from /home/jenkins/.cargo/advisory-db)
    Scanning Cargo.lock for vulnerabilities (273 crate dependencies)
error: Vulnerable crates found!

ID:     RUSTSEC-2019-0013
Crate:     spin
Version: 0.5.1
Date:     2019-08-27
URL:     https://github.com/mvdnes/spin-rs/issues/65
Title:     Wrong memory orderings in RwLock potentially violates mutual exclusion
Solution: upgrade to: >= 0.5.2

Associated revisions

Revision 3a459709 (diff)
Added by Alexis MOUSSET 2 months ago

Fixes #15597: Update relayd dependencies to fix RUSTSEC-2019-0013

History

#1

Updated by Alexis MOUSSET 2 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis MOUSSET
#2

Updated by Alexis MOUSSET 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis MOUSSET to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder/pull/2433
#3

Updated by Alexis MOUSSET 2 months ago

  • Status changed from Pending technical review to Pending release
#4

Updated by Vincent MEMBRÉ 7 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 6.0.0~beta1 which was released today.

Also available in: Atom PDF